In order to log out and forget password, you must load the exact same values in Auth.AuthTable and Auth.AuthList as you had when the user logged in. In cases where the user has chosen the "Remember password" option, both the Logout and ForgetPassword methods delete the password cookie from the browser, by sending a new HTTP header command. The problem in this case is that the Redirect method interferes with the cookie header command, so the cookie is never deleted from the browser. I believe that your code would work fine if you simply deleted the calls to Response.Redirect. You will also need to remove the 'logout' and 'bLogout' fields from the QueryString and Post data in order to prevent the Authenticate method from passing them on to the next request. Here's an updated version of your code: